Files
D1041231077-webgis/03/admin_reset_password.php
2026-06-10 22:26:03 +07:00

47 lines
1.5 KiB
PHP

<?php
/**
* admin_reset_password.php — Admin mereset password user
* POST: request_id, user_id, new_password
*/
session_start();
require_once 'koneksi.php';
header('Content-Type: application/json');
if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] !== 'admin') {
echo json_encode(['success' => false, 'message' => 'Akses ditolak']);
exit;
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
echo json_encode(['success' => false, 'message' => 'Hanya POST']);
exit;
}
$request_id = (int)($_POST['request_id'] ?? 0);
$user_id = (int)($_POST['user_id'] ?? 0);
$new_password = $_POST['new_password'] ?? '';
if ($request_id <= 0 || $user_id <= 0 || strlen($new_password) < 6) {
echo json_encode(['success' => false, 'message' => 'Password minimal 6 karakter']);
exit;
}
// Update password user
$hashed = password_hash($new_password, PASSWORD_DEFAULT);
$stmt = $conn->prepare("UPDATE users SET password = ? WHERE id = ?");
$stmt->bind_param("si", $hashed, $user_id);
if (!$stmt->execute()) {
echo json_encode(['success' => false, 'message' => 'Gagal update password']);
$stmt->close(); $conn->close(); exit;
}
$stmt->close();
// Tandai request sebagai done
$stmt2 = $conn->prepare("UPDATE password_resets SET status = 'done' WHERE id = ?");
$stmt2->bind_param("i", $request_id);
$stmt2->execute();
$stmt2->close();
echo json_encode(['success' => true, 'message' => 'Password berhasil direset. User bisa login dengan password baru.']);
$conn->close();